<%@ page language="java" import="java.sql.*"%>

<html>
<title>Manager Account </title>
<body>
<center>
<p><font color="#0080FF" size="25">Account Information</font></p>
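<%--
  Account update handler.

  A logged-in user submits "oldpassword", "newpassword" and "name". The old password is
  checked against the row of the session user; on success the name and password are
  updated and the stored row is read back and displayed. An administrator may name the
  account to update through the "username" request parameter; every other user can only
  update the account named by the session.

  NOTE(review): the password column is written and compared as plaintext here. Confirm
  against the schema and migrate to a salted password hash (bcrypt/scrypt/argon2).
  NOTE(review): this page changes a credential but checks neither the request method nor
  an anti-CSRF token; confirm how the form submits and add both checks.
--%>
<%!
    /**
     * Escapes the HTML-significant characters of a value so it can be written into
     * element content without being parsed as markup.
     *
     * @param value text taken from the database or the request; may be null
     * @return the escaped text, or an empty string when value is null
     */
    private static String escapeHtml(String value)
    {
        if (value == null)
        {
            return "";
        }
        StringBuilder escaped = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++)
        {
            char c = value.charAt(i);
            switch (c)
            {
                case '&':  escaped.append("&amp;");  break;
                case '<':  escaped.append("&lt;");   break;
                case '>':  escaped.append("&gt;");   break;
                case '"':  escaped.append("&quot;"); break;
                case '\'': escaped.append("&#39;");  break;
                default:   escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /** Closes a result set during cleanup; a failure here must not mask the real error. */
    private static void closeQuietly(ResultSet rows)
    {
        if (rows != null)
        {
            try { rows.close(); } catch (SQLException ignored) { /* best-effort cleanup */ }
        }
    }

    /** Closes a statement during cleanup; a failure here must not mask the real error. */
    private static void closeQuietly(Statement statement)
    {
        if (statement != null)
        {
            try { statement.close(); } catch (SQLException ignored) { /* best-effort cleanup */ }
        }
    }

    /** Closes a connection during cleanup; a failure here must not mask the real error. */
    private static void closeQuietly(Connection connection)
    {
        if (connection != null)
        {
            try { connection.close(); } catch (SQLException ignored) { /* best-effort cleanup */ }
        }
    }
%>
<%
    Connection con = null;
    PreparedStatement verifyStmt = null;
    PreparedStatement updateStmt = null;
    PreparedStatement readBackStmt = null;
    ResultSet verifyRows = null;
    ResultSet updatedRow = null;

    try
    {
        // equals() rather than ==: == compares object identity, which only holds while the
        // session attribute happens to be the same interned String instance.
        if ("true".equals(session.getAttribute("logged_in")))
        {
            boolean isAdmin = "administrator".equals(session.getAttribute("user_level"));

            Object sessionUserAttr = session.getAttribute("username");
            String sessionUser = (sessionUserAttr == null) ? null : sessionUserAttr.toString();

            String oldPassword = request.getParameter("oldpassword");
            String newPassword = request.getParameter("newpassword");
            String newName = request.getParameter("name");

            // Only an administrator may choose the account through the request; for
            // everyone else the target is pinned to the authenticated session user.
            String targetUser = isAdmin ? request.getParameter("username") : sessionUser;

            // The two branches of this page have always used different markup here.
            String incorrectPasswordMessage =
                isAdmin ? "Incorrect Password" : "<p><h1>Incorrect Password</h1></p>";

            if (oldPassword == null || newPassword == null || newName == null || targetUser == null)
            {
                // Without this guard a missing parameter would be written to the row as-is.
                out.println("Missing required field");
            }
            else
            {
                Class.forName("com.mysql.jdbc.Driver");

                // NOTE(review): database credentials are embedded in the page source. Move them
                // to a container-managed DataSource (JNDI) or protected configuration, and
                // rotate this password, since it has been exposed wherever this file was.
                String url="jdbc:mysql://ecstiger.cs.andrews.edu/d562_2010_01?user=u562_2010_01&password=YPJ8f4We";
                con = DriverManager.getConnection(url);

                // Bound parameters keep session and request values out of the SQL text.
                verifyStmt = con.prepareStatement(
                    "SELECT * FROM user WHERE username = ? AND password = ?");
                verifyStmt.setString(1, sessionUser);
                verifyStmt.setString(2, oldPassword);
                verifyRows = verifyStmt.executeQuery();

                // The Java-side comparison is kept on purpose: depending on the column
                // collation the SQL comparison may be case-insensitive. Column 4 is
                // presumably the password column -- confirm against the schema.
                boolean verified =
                    verifyRows.next() && oldPassword.equals(verifyRows.getString(4));

                if (!verified)
                {
                    // Covers both "no matching row" and "row matched but value differs".
                    out.println(incorrectPasswordMessage);
                }
                else
                {
                    updateStmt = con.prepareStatement(
                        "UPDATE user SET name = ?, password = ? WHERE username = ?");
                    updateStmt.setString(1, newName);
                    updateStmt.setString(2, newPassword);
                    updateStmt.setString(3, targetUser);
                    updateStmt.executeUpdate();

                    // Read back the row that was actually targeted, so the page shows the
                    // stored values and also works when an administrator updates another
                    // account.
                    readBackStmt = con.prepareStatement("SELECT * FROM user WHERE username = ?");
                    readBackStmt.setString(1, targetUser);
                    updatedRow = readBackStmt.executeQuery();

                    if (updatedRow.next())
                    {
                        // Values are escaped because "name" is user-supplied and stored verbatim.
                        %><br>Id: <label><%= escapeHtml(updatedRow.getString(1)) %></label>
                        <br>User Name: <label><%= escapeHtml(updatedRow.getString(3)) %></label>
                        <br>Name: <label><%= escapeHtml(updatedRow.getString(2)) %></label>
                        <br> <h3>Your Password has been changed </h3>
                        <br> <a href=menu.jsp>Main Menu</a><%
                    }
                    else
                    {
                        out.println("User not found");
                    }
                }
            }
        }
        else
        {
            out.println("Not Logged In");
        }
    }
    catch(Exception e)
    {
        // Driver and SQL error text stays in the server log; the response gets a fixed message.
        application.log("Account update failed", e);
        out.println("Unable to update the account.");
    }
    finally
    {
        // Runs on every path, including a failed password check, so connections do not leak.
        closeQuietly(updatedRow);
        closeQuietly(verifyRows);
        closeQuietly(readBackStmt);
        closeQuietly(updateStmt);
        closeQuietly(verifyStmt);
        closeQuietly(con);
    }

            %>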


        </center>

    </body>
</html>
